CVE-2008-4327

Name of the Vulnerable Software and Affected Versions: GDI+ in Microsoft Windows XP SP3

Description: The issue arises from the improper handling of crafted .ico files by gdiplus.dll in GDI+, leading to a denial of service. This can be triggered by remote attackers via a specifically crafted .ico file on a web site, causing a divide-by-zero error and application crash. User-assisted attackers can also exploit this by placing the crafted .ico file on the desktop, resulting in a persistent application crash.

Recommendations: For GDI+ in Microsoft Windows XP SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.